*** mhen_ is now known as mhen | 02:34 | |
opendevreview | Milana Levy proposed openstack/barbican-tempest-plugin master: DNM: Added a test to automate an exploit that was introduced in "cve_2022_3100". The exploit is that a malicious user with a Keystone account is able to decrypt any secret as long as they know the secret's ID by using a specifically crafted query string: GET /v1/secrets/{secret-id}/payload?target.secret.read=read https://review.opendev.org/c/openstack/barbican-tempe | 09:32 |
opendevreview | Milana Levy proposed openstack/barbican-tempest-plugin master: DNM: Added a test to automate an exploit that was introduced in "cve_2022_3100". The exploit is that a malicious user with a Keystone account is able to decrypt any secret as long as they know the secret's ID by using a specifically crafted query string: GET /v1/secrets/{secret-id}/payload?target.secret.read=read https://review.opendev.org/c/openstack/barbican-tempe | 14:06 |
opendevreview | Milana Levy proposed openstack/barbican-tempest-plugin master: DNM: Added a test to automate an exploit that was introduced in "cve_2022_3100". The exploit is that a malicious user with a Keystone account is able to decrypt any secret as long as they know the secret's ID by using a specifically crafted query string: GET /v1/secrets/{secret-id}/payload?target.secret.read=read https://review.opendev.org/c/openstack/barbican-tempe | 14:11 |